Label Poisoning Mitigation in Federated DDoS Detection Systems
Abstract
Network traffic monitoring is essential for understanding infrastructure behavior and assessing component integrity. Federated learning has emerged as a promising approach for defense systems based on traffic monitoring, enabling distributed model training without direct data sharing. However, traditional methods assume a federated environment composed solely of honest clients, overlooking the possibility of label poisoning attacks. This paper proposes a novel federated learning framework robust against network attacks, focusing on mitigating malicious clients. Our approach employs Siamese Networks techniques to quantify data adherence and dynamically adjust the weighting of each client’s contributions, enhancing the model’s resilience against adversarial manipulations. The results demonstrate that our strategy not only improves attack detection but also significantly reduces the impact of label poisoning on federated learning.
Keywords:
Federated Learning, DDoS, Uncertainty Quantification
References
Ali, M. N., Imran, M., Din, M. S. U., & Kim, B.-S. (2023). Low rate DDoS detection using weighted federated learning in SDN control plane in IoT network. Applied Sciences, 13(3).
Bansal, Y., Arora, S., & Ramaswamy, K. (2020). For self-supervised learning, rationality implies generalization, provably. In International Conference on Learning Representations (ICLR).
Barros, P. H., Chagas, E. T., Oliveira, L. B., Queiroz, F., & Ramos, H. S. (2022). Malware-smell: A zero-shot learning strategy for detecting zero-day vulnerabilities. Computers & Security, 120, 102785.
Barros, P. H., Murai, F., Houmansadr, A., Frery, A. C., & Ramos, H. S. (2024). Variational inference in similarity spaces: A Bayesian approach to personalized federated learning. In NeurIPS 2024 Workshop on Bayesian Decision-making and Uncertainty.
Blanchard, P., El Mhamdi, E. M., Guerraoui, R., & Stainer, J. (2017). Machine learning with adversaries: Byzantine tolerant gradient descent. In Advances in Neural Information Processing Systems (Vol. 30).
Chen, J., Guo, Q., Fu, Z., Shang, Q., Ma, H., & Wu, D. (2022). Campus network intrusion detection based on federated learning. In 2022 International Joint Conference on Neural Networks (IJCNN) (pp. 1–8).
Chen, L.-Y., Chiu, T.-C., Pang, A.-C., & Cheng, L.-C. (2021). Fedequal: Defending model poisoning attacks in heterogeneous federated learning. In IEEE Global Communications Conference (GLOBECOM).
Dao, N.-N., Phan, T. V., Sa’ad, U., Kim, J., Bauschert, T., Do, D.-T., & Cho, S. (2022). Securing heterogeneous IoT with intelligent DDoS attack behavior learning. IEEE Systems Journal, 16(2), 1974–1983.
Fang, M., Cao, X., Jia, J., & Gong, N. (2020). Local model poisoning attacks to Byzantine-Robust federated learning. In 29th USENIX Security Symposium (pp. 1605–1622). USENIX Association.
Finn, C., Abbeel, P., & Levine, S. (2017). Model-agnostic meta-learning for fast adaptation of deep networks. In International Conference on Machine Learning (pp. 1126–1135). PMLR.
Hendrycks, D., Mazeika, M., Wilson, D., & Gimpel, K. (2018). Using trusted data to train deep networks on labels corrupted by severe noise. In Advances in Neural Information Processing Systems (Vol. 31).
Issa, W., Moustafa, N., Turnbull, B., Sohrabi, N., & Tari, Z. (2023). Blockchain-based federated learning for securing internet of things: A comprehensive survey. ACM Computing Surveys, 55(9).
Koch, G., Zemel, R. S., & Salakhutdinov, R. (2015). Siamese neural networks for one-shot image recognition. In ICML Deep Learning Workshop (Vol. 2).
Lavaur, L., Pahl, M.-O., Busnel, Y., & Autrel, F. (2022). The evolution of federated learning-based intrusion detection and mitigation: A survey. IEEE Transactions on Network and Service Management, 2309–2332.
Li, C., Niu, D., Jiang, B., Zuo, X., & Yang, J. (2021). Meta-HAR: Federated representation learning for human activity recognition. In Proceedings of the Web Conference 2021 (WWW '21, pp. 912–922).
Li, J., Wang, Y., Zhang, Z., Guo, X., & Li, H. (2022). FLEAM: A federated learning empowered architecture to mitigate DDoS in industrial IoT. IEEE Transactions on Industrial Informatics, 18(6), 4059–4068.
Li, J., Zhang, Z., Li, Y., Guo, X., & Li, H. (2021). FIDS: Detecting DDoS through federated learning based method. In 2021 IEEE 20th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom), (pp. 856–862).
Li, Q., Diao, Y., Chen, Q., & He, B. (2022). Federated learning on non-IID data silos: An experimental study. In IEEE International Conference on Data Engineering.
Li, T., Sahu, A. K., Talwalkar, A., & Smith, V. (2020). Federated learning: Challenges, methods, and future directions. IEEE Signal Processing Magazine, 50–60.
Liu, Z., Guo, C., Liu, D., & Yin, X. (2023). An asynchronous federated learning arbitration model for low-rate DDoS attack detection. IEEE Access, 11.
Lv, D., Cheng, X., Zhang, J., Zhang, W., Zhao, W., & Xu, H. (2022). DDoS attack detection based on CNN and federated learning. In International Conference on Advanced Cloud and Big Data (pp. 236).
Nguyen, D. C., Ding, M., Pathirana, P. N., Seneviratne, A., Li, J., & Poor, H. V. (2021). Federated learning for internet of things: A comprehensive survey. IEEE Communications Surveys & Tutorials, 23(3), 1622–1658.
Pillutla, K., Kakade, S. M., & Harchaoui, Z. (2022). Robust aggregation for federated learning. IEEE Transactions on Signal Processing, 70, 1142–1154.
Sarhan, M., Layeghy, S., & Portmann, M. (2022). Towards a standard feature set for network intrusion detection system datasets. Mobile Networks and Applications, 27(1), 357–370.
Sharafaldin, I., Snapp, J., & Davy, D. (2018). Toward generating a new intrusion detection dataset and intrusion traffic characterization. In International Conference on Information Systems Security and Privacy (ICISSP) (pp. 108–116).
Su, D., & Qu, Z. (2022). Detection DDoS of attacks based on federated learning with digital twin network. In Memmi, G., Yang, B., Kong, L., Zhang, T., & Qiu, M. (Eds.), Knowledge Science, Engineering and Management (pp. 153–164). Cham.
Tian, Q., Guang, C., Wenchao, C., & Si, W. (2021). A lightweight residual networks framework for DDoS attack classification based on federated learning. In IEEE INFOCOM 2021 - IEEE Conference on Computer Communications Workshops (pp. 1–6).
Toldinas, J., Venckauskas, A., Liutkevičius, A., & Morkevičius, N. (2022). Framing network flow for anomaly detection using image recognition and federated learning. Electronics, 11(19).
Van Engelen, J. E., & Hoos, H. H. (2020). A survey on semi-supervised learning. Machine Learning, 109(2), 373–440.
Wang, H., Sreenivasan, K., Rajput, S., Vishwakarma, H., Agarwal, S., Sohn, J.-Y., Lee, K., & Papailiopoulos, D. (2020). Attack of the tails: Yes, you really can backdoor federated learning. In Proceedings of the 34th International Conference on Neural Information Processing Systems (NIPS’20) (Red Hook, NY, USA).
Yin, D., Chen, Y., Kannan, R., & Bartlett, P. (2018). Byzantine-robust distributed learning: Towards optimal statistical rates. In Proceedings of the International Conference on Machine Learning (Vol. 80, pp. 5650–5659).
Yin, Z., Li, K., & Bi, H. (2022). Trusted multi-domain DDoS detection based on federated learning. Sensors.
Zhang, C., Bengio, S., Hardt, M., Recht, B., & Vinyals, O. (2017). Understanding deep learning requires rethinking generalization. In International Conference on Learning Representations.
Zhang, J., Yu, P., Qi, L., Liu, S., Zhang, H., & Zhang, J. (2021). FLDDoS: DDoS attack detection model based on federated learning. In 2021 IEEE 20th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom) (pp. 635–642).
Zhao, Y., Chen, J., Wu, D., Teng, J., & Yu, S. (2019). Multi-task network anomaly detection using federated learning. In Proceedings of the 10th International Symposium on Information and Communication Technology (SoICT ’19) (pp. 273–279).
Bansal, Y., Arora, S., & Ramaswamy, K. (2020). For self-supervised learning, rationality implies generalization, provably. In International Conference on Learning Representations (ICLR).
Barros, P. H., Chagas, E. T., Oliveira, L. B., Queiroz, F., & Ramos, H. S. (2022). Malware-smell: A zero-shot learning strategy for detecting zero-day vulnerabilities. Computers & Security, 120, 102785.
Barros, P. H., Murai, F., Houmansadr, A., Frery, A. C., & Ramos, H. S. (2024). Variational inference in similarity spaces: A Bayesian approach to personalized federated learning. In NeurIPS 2024 Workshop on Bayesian Decision-making and Uncertainty.
Blanchard, P., El Mhamdi, E. M., Guerraoui, R., & Stainer, J. (2017). Machine learning with adversaries: Byzantine tolerant gradient descent. In Advances in Neural Information Processing Systems (Vol. 30).
Chen, J., Guo, Q., Fu, Z., Shang, Q., Ma, H., & Wu, D. (2022). Campus network intrusion detection based on federated learning. In 2022 International Joint Conference on Neural Networks (IJCNN) (pp. 1–8).
Chen, L.-Y., Chiu, T.-C., Pang, A.-C., & Cheng, L.-C. (2021). Fedequal: Defending model poisoning attacks in heterogeneous federated learning. In IEEE Global Communications Conference (GLOBECOM).
Dao, N.-N., Phan, T. V., Sa’ad, U., Kim, J., Bauschert, T., Do, D.-T., & Cho, S. (2022). Securing heterogeneous IoT with intelligent DDoS attack behavior learning. IEEE Systems Journal, 16(2), 1974–1983.
Fang, M., Cao, X., Jia, J., & Gong, N. (2020). Local model poisoning attacks to Byzantine-Robust federated learning. In 29th USENIX Security Symposium (pp. 1605–1622). USENIX Association.
Finn, C., Abbeel, P., & Levine, S. (2017). Model-agnostic meta-learning for fast adaptation of deep networks. In International Conference on Machine Learning (pp. 1126–1135). PMLR.
Hendrycks, D., Mazeika, M., Wilson, D., & Gimpel, K. (2018). Using trusted data to train deep networks on labels corrupted by severe noise. In Advances in Neural Information Processing Systems (Vol. 31).
Issa, W., Moustafa, N., Turnbull, B., Sohrabi, N., & Tari, Z. (2023). Blockchain-based federated learning for securing internet of things: A comprehensive survey. ACM Computing Surveys, 55(9).
Koch, G., Zemel, R. S., & Salakhutdinov, R. (2015). Siamese neural networks for one-shot image recognition. In ICML Deep Learning Workshop (Vol. 2).
Lavaur, L., Pahl, M.-O., Busnel, Y., & Autrel, F. (2022). The evolution of federated learning-based intrusion detection and mitigation: A survey. IEEE Transactions on Network and Service Management, 2309–2332.
Li, C., Niu, D., Jiang, B., Zuo, X., & Yang, J. (2021). Meta-HAR: Federated representation learning for human activity recognition. In Proceedings of the Web Conference 2021 (WWW '21, pp. 912–922).
Li, J., Wang, Y., Zhang, Z., Guo, X., & Li, H. (2022). FLEAM: A federated learning empowered architecture to mitigate DDoS in industrial IoT. IEEE Transactions on Industrial Informatics, 18(6), 4059–4068.
Li, J., Zhang, Z., Li, Y., Guo, X., & Li, H. (2021). FIDS: Detecting DDoS through federated learning based method. In 2021 IEEE 20th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom), (pp. 856–862).
Li, Q., Diao, Y., Chen, Q., & He, B. (2022). Federated learning on non-IID data silos: An experimental study. In IEEE International Conference on Data Engineering.
Li, T., Sahu, A. K., Talwalkar, A., & Smith, V. (2020). Federated learning: Challenges, methods, and future directions. IEEE Signal Processing Magazine, 50–60.
Liu, Z., Guo, C., Liu, D., & Yin, X. (2023). An asynchronous federated learning arbitration model for low-rate DDoS attack detection. IEEE Access, 11.
Lv, D., Cheng, X., Zhang, J., Zhang, W., Zhao, W., & Xu, H. (2022). DDoS attack detection based on CNN and federated learning. In International Conference on Advanced Cloud and Big Data (pp. 236).
Nguyen, D. C., Ding, M., Pathirana, P. N., Seneviratne, A., Li, J., & Poor, H. V. (2021). Federated learning for internet of things: A comprehensive survey. IEEE Communications Surveys & Tutorials, 23(3), 1622–1658.
Pillutla, K., Kakade, S. M., & Harchaoui, Z. (2022). Robust aggregation for federated learning. IEEE Transactions on Signal Processing, 70, 1142–1154.
Sarhan, M., Layeghy, S., & Portmann, M. (2022). Towards a standard feature set for network intrusion detection system datasets. Mobile Networks and Applications, 27(1), 357–370.
Sharafaldin, I., Snapp, J., & Davy, D. (2018). Toward generating a new intrusion detection dataset and intrusion traffic characterization. In International Conference on Information Systems Security and Privacy (ICISSP) (pp. 108–116).
Su, D., & Qu, Z. (2022). Detection DDoS of attacks based on federated learning with digital twin network. In Memmi, G., Yang, B., Kong, L., Zhang, T., & Qiu, M. (Eds.), Knowledge Science, Engineering and Management (pp. 153–164). Cham.
Tian, Q., Guang, C., Wenchao, C., & Si, W. (2021). A lightweight residual networks framework for DDoS attack classification based on federated learning. In IEEE INFOCOM 2021 - IEEE Conference on Computer Communications Workshops (pp. 1–6).
Toldinas, J., Venckauskas, A., Liutkevičius, A., & Morkevičius, N. (2022). Framing network flow for anomaly detection using image recognition and federated learning. Electronics, 11(19).
Van Engelen, J. E., & Hoos, H. H. (2020). A survey on semi-supervised learning. Machine Learning, 109(2), 373–440.
Wang, H., Sreenivasan, K., Rajput, S., Vishwakarma, H., Agarwal, S., Sohn, J.-Y., Lee, K., & Papailiopoulos, D. (2020). Attack of the tails: Yes, you really can backdoor federated learning. In Proceedings of the 34th International Conference on Neural Information Processing Systems (NIPS’20) (Red Hook, NY, USA).
Yin, D., Chen, Y., Kannan, R., & Bartlett, P. (2018). Byzantine-robust distributed learning: Towards optimal statistical rates. In Proceedings of the International Conference on Machine Learning (Vol. 80, pp. 5650–5659).
Yin, Z., Li, K., & Bi, H. (2022). Trusted multi-domain DDoS detection based on federated learning. Sensors.
Zhang, C., Bengio, S., Hardt, M., Recht, B., & Vinyals, O. (2017). Understanding deep learning requires rethinking generalization. In International Conference on Learning Representations.
Zhang, J., Yu, P., Qi, L., Liu, S., Zhang, H., & Zhang, J. (2021). FLDDoS: DDoS attack detection model based on federated learning. In 2021 IEEE 20th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom) (pp. 635–642).
Zhao, Y., Chen, J., Wu, D., Teng, J., & Yu, S. (2019). Multi-task network anomaly detection using federated learning. In Proceedings of the 10th International Symposium on Information and Communication Technology (SoICT ’19) (pp. 273–279).
Published
2025-05-19
How to Cite
BARROS, Pedro H.; MURAI, Fabricio; HOUMANSADR, Amir; LOUREIRO, Antonio A. F.; FRERY, Alejandro C.; RAMOS, Heitor S..
Label Poisoning Mitigation in Federated DDoS Detection Systems. In: BRAZILIAN SYMPOSIUM ON COMPUTER NETWORKS AND DISTRIBUTED SYSTEMS (SBRC), 43. , 2025, Natal/RN.
Anais [...].
Porto Alegre: Sociedade Brasileira de Computação,
2025
.
p. 336-349.
ISSN 2177-9384.
DOI: https://doi.org/10.5753/sbrc.2025.5923.
